Abstract. The paper presents an approach suitable for on-line diagnosis, which aims at automatically abstracting the domains of discrete variables in the model (i.e. behavioral modes of system components) in order to keep only those distinctions that are relevant given the available observations and their granularity.

In particular the paper describes an algorithm which identifies indistinguishable behavioral modes by taking into account specific classes of available observations and derives an abstract model where such modes are merged and the domain model is revised accordingly.

By considering increasingly restricted classes of available observations (and/or granularity of observations), a set of abstract models can be derived that can be exploited through model selection each time a new diagnostic problem has to be solved.

The approach has been tested within the framework of a diagnostic agent for a space robotic arm, and experimental results showing the reduction in the number of diagnoses are reported.

1 Introduction 

Model based diagnosis has been applied successfully to automatic on-board diagnosis problems in a variety of domains, including automotive and space missions ([1], [10]).

While many problems are common to off-line and on-line diagnosis, the latter presents some peculiar challenges, the most apparent of which concerns the tough constraints on computational resources and time ([3]).

Another difficult problem both on-line and off-line diagnosis have to deal with is the potentially large number of alternative diagnoses returned by a diagnostic system when a specific problem has to be solved.

One classical way of addressing this problem consists in defining preference criteria among diagnoses, usually based on some form of minimality (see e.g. [6]) or probability, so that a number of admissible diagnoses can be discarded because of their implausibility.

We can also approach the problem not at diagnosis time, but at an earlier time (i.e. during system design and modeling): there exist guidelines for creating models suitable for troubleshooting (see e.g. [8]) as well as methods for suggesting the placement of enough sensors in the system to guarantee that only one or a few admissible diagnoses will be returned in each situation (see for example [15]); sensor failures can be handled by an adequate level of redundancy.

Finally, the encoding of large sets of diagnoses in a compact way can at least alleviate the explosion of time and space required to compute and handle such large sets (see [11]).

Unfortunately, all these approaches only provide a partial solution; while preference criteria, cleverly written models and compact encoding do not guarantee that the reduced set of diagnoses is small enough in all situations, exhaustive sensor placement may be too expensive or just impossible because the device design is already frozen.

In off-line diagnosis, there is an additional possibility: when the number of diagnoses returned on the basis of available observations is too high, further discriminant measures can be automatically suggested and manually taken until a satisfactory level of discrimination is reached. Effective techniques based on information theory and probability have been devised to support this process (e.g. [7]). However, for on-board diagnosis, this approach is inadequate since in most cases the only available measures are provided by sensors and taking further measures manually is out of the question.

In this paper we present an approach suitable for on-board diagnosis, which aims at automatically abstracting the domains of discrete variables in the model (i.e. behavioral modes of system components) in order to keep only those distinctions that are relevant given the available observations and their granularity. As we shall see, this can significantly reduce the number of returned diagnoses.

The paper is structured as follows. In section 2 we introduce some definitions, in particular the notion of indistinguishability among the behavioral modes of a component. In section 3 we present an algorithm which identifies indistinguishable behavioral modes by taking into account specific classes of available observations and derives an abstract model where such modes are merged and the domain model is revised accordingly. Section 4 discusses some ways the algorithm can be used effectively in diagnostic problem solving. In section 5 we report experimental results obtained by implementing and running the algorithm on the model for a space robotic arm. Finally, in section 6 we briefly review other approaches in the literature and underline similarities and differences with respect to our own.

2 Basic  Definitions 

First, we define a system structure description (SSD) by slightly modifying the definition in [5]:

Definition 2.1 A Structured System Description (SSD) is a tuple $(V, G, DT)$ where:

V is a set of variables whose domains $DOM(v)$, $v \in V$, are discrete and finite. Moreover, variables in V are partitioned in the following sorts: CXT (inputs), COMPS (components), STATES (endogenous variables), OBS (observables)¹.

DT (Domain Theory) is a set of Horn clauses defined over V representing the behavior of the system (both normal and faulty). Note that the clauses are constructed in such a way that the roles associated with variables belonging to different sorts are respected: CXT and COMPS variables will always appear in the body of clauses; OBS variables will always appear as heads of clauses; STATES variables can appear in both.

G (System Structure) is a DAG whose nodes are in V, representing the structure of the system. The graph can be directly computed from DT, being just a useful way for making explicit the structural properties "hidden" in DT clauses: whenever a formula $N_1(bm_1) \wedge \ldots \wedge N_k(bm_k) \Rightarrow M(bm_i)$ appears in DT, nodes $N_1$ through $N_k$ are parents of M in the graph.

Since the system structure graph G is a DAG, a partial precedence relation holds between connected nodes in the graph:

Definition 2.2 We denote with $\succ$ the usual precedence partial order relation over nodes in DAG G, i.e.: $N \succ M$ if there exists a directed path from N to M.

Given an SSD we can define specific diagnostic problems over it:

Definition 2.3 A diagnostic problem is a tuple $DP = (SSD, OBS', CXT)$ where SSD is the Structured System Description, $OBS'$ is an instantiation of $OBS' \subseteq OBS$ and CXT is a complete instantiation of CXT.

We are now ready to give our definition of diagnosis, which is a fully abductive characterization² (see [4]):

Definition 2.4 Given a diagnostic problem $DP = (SSD, OBS', CXT)$, an assignment $H = \{c_1(bm_1), \ldots, c_n(bm_n)\}$ of a behavioral mode to each component $c_i \in COMPS$ is a diagnosis for DP if and only if:

$\forall m(x) \in OBS' \quad DT \cup CXT \cup H \vdash m(x)$

and

$\forall m(x) \in OBS' \quad DT \cup CXT \cup H \nvdash m(y)$ for $y \neq x$

¹ We assume that observables never influence other variables. This is not restrictive: each observable parameter which influences other variables is modeled as an endogenous variable (i.e. it belongs to STATES) with an associated observable in OBS.

² Note however that our approach does not depend on the definition of diagnosis being abductive vs consistency-based.


Since in our definition $OBS'$ is (in general) a partial instantiation of OBS, we can introduce the notion of diagnoses that cannot be discriminated given $OBS'$ but that may be discriminated if more observables were available:

Definition 2.5 Given a diagnostic problem $DP = (SSD, OBS', CXT)$, let us suppose that $H_1$ and $H_2$ are two diagnoses for DP. $H_1$ and $H_2$ are discriminable if and only if $\exists m \mid m \in (OBS - OBS')$ such that

$DT \cup CXT \cup H_1 \vdash m(a)$

$DT \cup CXT \cup H_2 \vdash m(b)$

$m(a) \neq m(b)$

Diagnoses are complete instantiations of variables in sort COMPS. We now turn to considering two such assignments $A_1$ and $A_2$ and compute the projections³ of their transitive closures⁴ over OBS ($OBS_1 = project_{OBS}(tclosure(A_1))$ and $OBS_2 = project_{OBS}(tclosure(A_2))$ respectively), given a fixed context CXT.

If $OBS_1 = OBS_2$ then $A_1$ and $A_2$ are indiscriminable diagnoses for diagnostic problem $(SSD, OBS, CXT)$ where $OBS = OBS_1$ (and $= OBS_2$). An interesting relation between $A_1$ and $A_2$ holds when this situation happens under any fixed context CXT:

Definition 2.6 Let $A_1$ and $A_2$ be two complete instantiations of COMPS; if, given any context CXT, $project_{OBS}(tclosure(A_1)) = project_{OBS}(tclosure(A_2))$, then we say that $A_1$ and $A_2$ are indiscriminable.

In the above definition we have considered the case where all OBS are available. Let us now consider the case (as is usual in on-board diagnosis) when we can identify subsets of OBS that may be the only available manifestations (e.g. only sensorized manifestations may be available on-board, with no possibility to perform further measurements).

Let $\{CL_k\}$ denote such identified interesting subsets (not necessarily all disjoint); we can now refine definition 2.6 as follows:

Definition 2.7 Two assignments $A_1$ and $A_2$ are $CL_k$-indiscriminable iff they are indiscriminable by considering OBS restricted to $CL_k$, i.e. $\forall CXT \; project_{CL_k}(tclosure(A_1)) = project_{CL_k}(tclosure(A_2))$.

Given the above definitions, we are now ready to characterize formally two behavioral modes (i.e. values from the domain of a component variable $c_i$) that may be safely collapsed together without losing any discriminability power of the model:

Definition 2.8 Let $bm_r$ and $bm_s$ be two behavioral modes of component variable $c_i$; if for any two assignments $A_1 = (\alpha_1 \wedge c_i(bm_r) \wedge \alpha_2)$ and $A_2 = (\alpha_1 \wedge c_i(bm_s) \wedge \alpha_2)$ such that they differ only in the mode associated to $c_i$, $A_1$ and $A_2$ are ($CL_k$-)indiscriminable, then we say that $bm_r$ and $bm_s$ are ($CL_k$-)indistinguishable.


³ A projection of a set of instantiated variables I over a set of variables W ($project_W(I)$) is just the subset of I that mentions variables in W.

⁴ The transitive closure of $A_i$ ($tclosure(A_i)$) is the set of $m(x)$ s.t. $DT \cup CXT \cup A_i \vdash m(x)$.


3 Automatic  Domain  Abstraction 
3.1  The  Algorithm 

In this section we present an algorithm which identifies indistinguishable modes in a given model (that we will refer to as the detailed model), and generates a simplified model (that we will call abstract) where mutually indistinguishable modes are merged into new modes. The algorithm assumes that the model is defined as in definition 2.1 and further assumes that in the system structure graph G at most one directed path exists between any two nodes.

The top level function Abstract() is sketched as pseudo-code in figure 1 while other relevant functions called by Abstract() are shown in figure 2.

Parameter $CL_k \subseteq Obs$ of Abstract() contains the list of available manifestations, while $\Pi_{CL_k}$ associates to each $M \in CL_k$ its granularity in the form of a partition $\Pi_M$ over DOM(M).

Manifestations that are not available at all do not belong to $CL_k$. If M is available at a certain level of granularity, $\Pi_M$ will contain as many classes as the distinguishable values for M, and each class will contain all the $v \in DOM(M)$ that cannot be distinguished at the available level of granularity. As a special case, if M is available at its maximum granularity, $\Pi_M$ will contain a separate class for each $v \in DOM(M)$.

The first few instructions of Abstract() perform an initial abstraction of the model based on $\Pi_{CL_k}$: indistinguishable values for each manifestation M (i.e. those that belong to the same class in $\Pi_M$) are substituted in DT by a new "abstract" value representing the whole class.

The call to TopologicalSort() returns a list containing variables in Comps ∪ States such that if two variables N, M satisfy relation 2.2 (i.e. $N \succ M$) we guarantee that position(N) > position(M). In particular, we start a visit of the system structure graph G at the available observation nodes and proceed backwards by visiting a node only if all its immediate successors have already been visited.

Note that, by starting the visit at the available manifestations only (i.e. $CL_k$), some of the Comps and States may not be reached at all; these nodes, that are connected only to unavailable manifestations, are stored in a TrivialNodes list (see below).

The main loop in Abstract(), for each variable N in the list, first computes the conditions under which the variable influences its immediate successors' modes (this is recorded in an associative memory InfluenceMatrix[]); then, by using InfluenceMatrix[] it computes the partition of all the modes of the variable in equivalence classes determined by the indistinguishability relation (FindIndistinguishableModes()); finally it replaces the occurrences of the modes in the DT clauses with newly introduced "class representative" modes (MergeModes()).

If the call to FindIndistinguishableModes() produced a trivial partition for N (i.e. only one class coinciding with DOM(N)) then N itself is added to the list of trivial nodes.

When Abstract() terminates, TrivialNodes contains the components and states whose behavioral modes are all equivalent in influencing relevant manifestations (i.e. $M \in CL_k$). These nodes, together with unavailable manifestations (i.e. $M \in Obs \setminus CL_k$), are obviously redundant for the diagnostic task and the caller of Abstract() may decide to completely remove them from the model.

Let us now describe in some more detail the functions called by Abstract() (figure 2).

Function FindInfluences() considers how each mode $bm_r$ of the variable N under consideration can cause mode $bm_s$ of immediate successor variable M. The condition under which $N(bm_r)$ causes $M(bm_s)$ is clearly the disjunction of conjunctions of the form $\alpha = \alpha_1 \wedge \alpha_2$ where $\alpha_1$ and $\alpha_2$ occur in a formula $\alpha_1 \wedge N(bm_r) \wedge \alpha_2 \Rightarrow M(bm_s)$.

Function FindIndistinguishableModes() is recursive; at each call it partitions a set of modes into indistinguishability classes based on a single immediate successor node and then calls itself recursively on each of the generated equivalence classes in order to further discriminate by considering the remaining immediate successors.

Note that in the test $((\alpha, \pi) \in \Pi_{Cond})$ we are testing propositional formulas for identity; we assume that any two equivalent formulas have been made identical at that point by calls to normalize() in FindInfluences(). Normalization is not too computationally expensive since the formulas we handle are in DNF and only positive literals can occur.

Function MergeModes(), given a partition $\Pi$ (either an element of $\Pi_{CL_k}$ or computed by FindIndistinguishableModes()), considers the equivalence classes $\pi$ one at a time. It generates a new name v as a "representative" for the class and then scans the DT set of formulas for occurrences of $bm \in \pi$ and replaces them with v. This process can produce duplicate formulas⁵; by using set notation in the pseudo-code we underline that only one copy of the duplicate formulas has to be added to the new version of DT.

3.2  Correctness 

In this subsection we state two properties which imply that the abstraction algorithm behaves as intended.

Property 3.1 If two behavioral modes are put in the same class $\pi$ by function FindIndistinguishableModes() they are $CL_k$-indistinguishable in the sense of definition 2.8.

Proof. Given assignments $A_1 = \alpha_1 \cup \{N(bm_{r1})\} \cup \alpha_2$ and $A_2 = \alpha_1 \cup \{N(bm_{r2})\} \cup \alpha_2$, suppose $DT \cup CXT \cup A_1 \vdash m(x)$ while $DT \cup CXT \cup A_2 \nvdash m(x)$ for some $m \in CL_k$. Clearly, it cannot be that $m(x) \in tclosure(\alpha_1 \cup \alpha_2)$, because otherwise $m(x)$ would be derivable from $A_2$ as well.

Then, the entailment of $m(x)$ by $A_1$ must exploit at some point $N(bm_{r1})$ by using a formula $\varphi = (N(bm_{r1}) \wedge \gamma \Rightarrow L)$. If $L = m(x)$, i.e. the formula directly entails $m(x)$, then an analogous formula $\varphi' = (N(bm_{r2}) \wedge \gamma' \Rightarrow m(x))$ must exist in DT, with $\gamma = \gamma'$ (indeed, two modes are put in the same partition only if they have the same direct effects under the same conditions). Then, $DT \cup CXT \cup A_2 \vdash m(x)$, which is a contradiction.

This result can be extended to the case when $L \neq m(x)$ (i.e. the number of steps between the application of formula $\varphi$ and the conclusion $m(x)$ is greater than 1) with a proof by induction. □


⁵ This is not incidental: the value of our abstraction partially lies in the collapse of formulas.


Function Abstract(V = {Cxt, Comps, States, Obs}, G, DT, CL_k, Π_CLk)
  ForEach M ∈ CL_k
    DT := MergeModes(M, Π_CLk(M), DT)
  Loop
  Candidates := TopologicalSort(States ∪ Comps, CL_k, G)
  TrivialNodes := States ∪ Comps \ Candidates
  InfluenceMatrix := ∅
  ForEach (N ∈ Candidates)
    ImmediateSuccessors := {children of N in the system structure graph G} ∩ (Candidates ∪ CL_k)
    InfluenceMatrix := InfluenceMatrix ∪ FindInfluences(N, ImmediateSuccessors)
    Π := FindIndistinguishableModes(N, modes(N), ImmediateSuccessors, InfluenceMatrix)
    If (Π = {DOM(N)}) Then TrivialNodes := TrivialNodes ∪ {N}
    DT := MergeModes(N, Π, DT)
  Loop
  Return
EndFunction

Figure 1. Sketch of the Abstract() function


The following property is intended to demonstrate the correspondence of a diagnosis at the abstract level to a set of diagnoses at the detailed level.

Property 3.2 Let $DP_d = (SSD_d, OBS', CXT)$ be a diagnostic problem and $DP_a = (SSD_a, OBS', CXT)$ the corresponding problem at the abstract level. Then, $D_a = \{c_1(v_1), \ldots, c_n(v_n)\}$, where $v_i$ is a new behavioral mode introduced in place of the set $\{bm_{i1}, \ldots, bm_{ik_i}\}$ of indistinguishable behavioral modes, is a diagnosis for $DP_a$ iff all the elements in the set

$\{\{c_1(bm_{1j_1}), \ldots, c_n(bm_{nj_n})\} \mid j_i = 1 \ldots k_i\}$

are diagnoses for $DP_d$.

Proof. Our proof is subdivided in 3 steps: first, we prove that for any two diagnoses at the detailed level $D_{d1}$ and $D_{d2}$, $project_{OBS'}(tclosure(D_{d1})) = project_{OBS'}(tclosure(D_{d2}))$, where $OBS' \subseteq OBS$ represents the available manifestations (parameter $CL_k$ of function Abstract()). Then, we prove that for any detailed diagnosis $D_d$, $project_{OBS'}(tclosure(D_d)) = project_{OBS'}(tclosure(D_a))$. Finally, we exploit this result to prove the theorem thesis.

In the following, $project_{OBS'}(tclosure(\cdot))$ has been abbreviated to $tc_{OBS'}(\cdot)$.

For step 1, we proceed by induction on the number of components which are assigned different behavioral modes in assignments $D_{d1}$ and $D_{d2}$. The case $n = 1$ (i.e. $D_{d1} = \alpha \cup \{c_i(bm_r)\}$ and $D_{d2} = \alpha \cup \{c_i(bm_s)\}$) follows from the definition of indistinguishability of $bm_r$ and $bm_s$.

For the inductive step, where $D_{d1} = \alpha_1 \cup \{c_i(bm_r)\}$, $D_{d2} = \alpha_2 \cup \{c_i(bm_s)\}$ and $\alpha_1, \alpha_2$ differ in assignments to n components, we note that the following relations hold:

$tc_{OBS'}(\alpha_1 \cup c_i(bm_r)) = tc_{OBS'}(\alpha_1 \cup c_i(bm_s))$

from indistinguishability of $bm_r$ and $bm_s$, and:

$tc_{OBS'}(\alpha_1 \cup c_i(bm_s)) = tc_{OBS'}(\alpha_2 \cup c_i(bm_s))$

from the inductive hypothesis. It then follows that $tc_{OBS'}(\alpha_1 \cup c_i(bm_r)) = tc_{OBS'}(\alpha_2 \cup c_i(bm_s))$.

In order to carry out step 2, we note that, since $v_i$ is substituted by MergeModes() wherever a mode $bm_{ij_i}$ of its associated class $\pi$ appears, the following holds:

$tc_{OBS'}(D_a) = \bigcup_{j_1, \ldots, j_n} tc_{OBS'}(\{c_1(bm_{1j_1}), \ldots, c_n(bm_{nj_n})\})$

But, in step 1, we have proved that all the terms of the union are equal. So, $tc_{OBS'}(D_a)$ is equal to the $tc_{OBS'}$ of any of the $D_d$.

We use this result for step 3: $D_a$ is a diagnosis with the abstracted model iff $DT \cup CXT \cup D_a \vdash OBS'$; but then, for any $D_d$ the same entailment must hold, thus any $D_d$ is a diagnosis at the detailed level. The converse is analogous. □


3.3  An  Example 

We end this section by illustrating how the abstraction algorithm works on a very simple SSD. Let the original Domain Theory DT contain the following clauses (figure 3 shows the associated System Structure Graph):


$s1(a) \wedge s2(a) \Rightarrow m1(x)$
$s1(a) \wedge s2(b) \Rightarrow m1(x)$
$s1(a) \wedge s2(c) \Rightarrow m1(x)$
$s1(b) \wedge s2(a) \Rightarrow m1(y)$
$s1(b) \wedge s2(b) \Rightarrow m1(y)$
$s1(b) \wedge s2(c) \Rightarrow m1(y)$

$s1(a) \wedge s2(a) \Rightarrow m2(x)$
$s1(a) \wedge s2(b) \Rightarrow m2(x)$
$s1(a) \wedge s2(c) \Rightarrow m2(z)$
$s1(b) \wedge s2(a) \Rightarrow m2(y)$
$s1(b) \wedge s2(b) \Rightarrow m2(y)$
$s1(b) \wedge s2(c) \Rightarrow m2(z)$

$i1(a) \wedge c1(a) \wedge c2(a) \Rightarrow s1(a)$
$i1(a) \wedge c1(a) \wedge c2(b) \Rightarrow s1(a)$
$i1(a) \wedge c1(a) \wedge c2(c) \Rightarrow s1(b)$
$i1(a) \wedge c1(b) \wedge c2(a) \Rightarrow s1(a)$
$i1(a) \wedge c1(b) \wedge c2(b) \Rightarrow s1(a)$
$i1(a) \wedge c1(b) \wedge c2(c) \Rightarrow s1(b)$

$i1(b) \wedge c1(a) \wedge c2(a) \Rightarrow s1(b)$
$i1(b) \wedge c1(a) \wedge c2(b) \Rightarrow s1(b)$
$i1(b) \wedge c1(a) \wedge c2(c) \Rightarrow s1(a)$
$i1(b) \wedge c1(b) \wedge c2(a) \Rightarrow s1(b)$
$i1(b) \wedge c1(b) \wedge c2(b) \Rightarrow s1(b)$
$i1(b) \wedge c1(b) \wedge c2(c) \Rightarrow s1(a)$

$i2(a) \wedge c3(a) \Rightarrow s2(c)$
$i2(a) \wedge c3(b) \Rightarrow s2(a)$
$i2(a) \wedge c3(c) \Rightarrow s2(b)$
$i2(b) \wedge c3(a) \Rightarrow s2(c)$
$i2(b) \wedge c3(b) \Rightarrow s2(a)$
$i2(b) \wedge c3(c) \Rightarrow s2(b)$


Function FindInfluences(N, ImmediateSuccessors)
  NodeInfluenceMatrix := ∅
  ForEach (bm_r ∈ modes(N), M ∈ ImmediateSuccessors, bm_s ∈ modes(M))
    Formulas := {clauses where N(bm_r) occurs in the body and M(bm_s) occurs in the head}
    α := false
    ForEach ((α1 ∧ N(bm_r) ∧ α2 ⇒ M(bm_s)) ∈ Formulas)
      α := α ∨ (α1 ∧ α2)
    Loop
    NodeInfluenceMatrix := NodeInfluenceMatrix ∪ {(N(bm_r), M(bm_s), normalize(α))}
  Loop
  Return NodeInfluenceMatrix
EndFunction

Function FindIndistinguishableModes(N, Modes, Nodes, InfluenceMatrix)
  M := first(Nodes)
  Π_Cond := ∅
  ForEach (bm_r ∈ Modes)
    α := ∪_{bm_s} (InfluenceMatrix(N(bm_r), M(bm_s)), M(bm_s))
    If ((α, π) ∈ Π_Cond) Then
      Π_Cond := Π_Cond − {(α, π)} ∪ {(α, π ∪ {bm_r})}
    Else
      Π_Cond := Π_Cond ∪ {(α, {bm_r})}
    EndIf
  Loop
  Π := ∪_{(α, π) ∈ Π_Cond} {π}
  If (tail(Nodes) ≠ ∅)
    ForEach (π ∈ Π)
      Π := Π − π ∪ FindIndistinguishableModes(N, π, tail(Nodes), InfluenceMatrix)
    Loop
  EndIf
  Return Π
EndFunction

Function MergeModes(N, Π, DT)
  DT' := {clauses of DT in which N does not appear}   (clauses not mentioning N are kept unchanged)
  ForEach (π ∈ Π)
    v := GenerateNewModeName(π)
    Formulas := {clauses for which ∃ bm_r ∈ π s.t. N(bm_r) appears in the body or head}
    ForEach ((φ = α1 ∧ N(bm_r) ∧ α2 ⇒ M(bm_s)) ∈ Formulas)
      DT' := DT' ∪ {(α1 ∧ N(v) ∧ α2 ⇒ M(bm_s))}
    Loop
    ForEach ((ψ = α ⇒ N(bm_r)) ∈ Formulas)
      DT' := DT' ∪ {(α ⇒ N(v))}
    Loop
  Loop
  Return DT'
EndFunction

Figure 2. Sketch of the main functions called by Abstract()


with OBS = {m1, m2}, STATES = {s1, s2}, COMPS = {c1, c2, c3} and CXT = {i1, i2}.

Let the domains of the variables be as follows:

DOM(m1) = {x, y}, DOM(m2) = {x, y, z}

DOM(s1) = {a, b}, DOM(s2) = {a, b, c}

DOM(c1) = {a, b}, DOM(c2) = DOM(c3) = {a, b, c}

DOM(i1) = {a, b}, DOM(i2) = {a, b}

Furthermore, let us assume for simplicity that all the OBS are available at their maximum granularity.

The algorithm starts by trying to merge modes of s1. The InfluenceMatrix[] entries relating s1 to m1 are:

$(s1(a), \{\langle m1(x), s2(a) \vee s2(b) \vee s2(c)\rangle, \langle m1(y), \bot\rangle\})$

$(s1(b), \{\langle m1(x), \bot\rangle, \langle m1(y), s2(a) \vee s2(b) \vee s2(c)\rangle\})$

It follows that modes a, b of s1 cannot be merged. It is now s2's turn to be considered; the entries relating s2 to m1 are:

$(s2(a), \{\langle m1(x), s1(a)\rangle, \langle m1(y), s1(b)\rangle\})$

$(s2(b), \{\langle m1(x), s1(a)\rangle, \langle m1(y), s1(b)\rangle\})$

$(s2(c), \{\langle m1(x), s1(a)\rangle, \langle m1(y), s1(b)\rangle\})$

It may seem that modes a, b, c of s2 can be merged; however, s2 also influences another manifestation, m2:

$(s2(a), \{\langle m2(x), s1(a)\rangle, \langle m2(y), s1(b)\rangle, \langle m2(z), \bot\rangle\})$

$(s2(b), \{\langle m2(x), s1(a)\rangle, \langle m2(y), s1(b)\rangle, \langle m2(z), \bot\rangle\})$

$(s2(c), \{\langle m2(x), \bot\rangle, \langle m2(y), \bot\rangle, \langle m2(z), s1(a) \vee s1(b)\rangle\})$

We can thus merge modes a, b in new mode ab, but not mode c.


Having considered all the states, we now turn to the components, starting from c1:

$(c1(a), \{\langle s1(a), (i1(a) \wedge c2(a)) \vee (i1(a) \wedge c2(b)) \vee (i1(b) \wedge c2(c))\rangle, \langle s1(b), (i1(a) \wedge c2(c)) \vee (i1(b) \wedge c2(a)) \vee (i1(b) \wedge c2(b))\rangle\})$

$(c1(b), \{\langle s1(a), (i1(a) \wedge c2(a)) \vee (i1(a) \wedge c2(b)) \vee (i1(b) \wedge c2(c))\rangle, \langle s1(b), (i1(a) \wedge c2(c)) \vee (i1(b) \wedge c2(a)) \vee (i1(b) \wedge c2(b))\rangle\})$

Modes a, b of c1 can then be merged in new mode ab; note that c1 goes into the trivial-nodes list, since all its domain has collapsed into a singleton. Similar arguments lead to merging modes a, b of c2; however, mode c of c2 cannot be merged with the other two modes.

Component c3 is the only one left to be considered:

$(c3(a), \{\langle s2(ab), \bot\rangle, \langle s2(c), i2(a) \vee i2(b)\rangle\})$

$(c3(b), \{\langle s2(ab), i2(a) \vee i2(b)\rangle, \langle s2(c), \bot\rangle\})$

$(c3(c), \{\langle s2(ab), i2(a) \vee i2(b)\rangle, \langle s2(c), \bot\rangle\})$

We can merge modes b, c into a new mode bc. Note that we can merge these modes only because we already unified modes a and b of s2; the importance of processing variables in the $\succ$ relation order is now evident.

Note also that we could have considered for abstraction s2 before s1, or c2 before c1 or after c3, since s1, s2 and c1, c2, c3 are not tied by the precedence order relation. It is easy to see that in such cases the same mergings would have taken place anyway.

The output of the process described above results in a revised domain theory:

$s1(a) \wedge s2(ab) \Rightarrow m1(x)$
$s1(a) \wedge s2(c) \Rightarrow m1(x)$
$s1(b) \wedge s2(ab) \Rightarrow m1(y)$
$s1(b) \wedge s2(c) \Rightarrow m1(y)$

$s1(a) \wedge s2(ab) \Rightarrow m2(x)$
$s1(a) \wedge s2(c) \Rightarrow m2(z)$
$s1(b) \wedge s2(ab) \Rightarrow m2(y)$
$s1(b) \wedge s2(c) \Rightarrow m2(z)$

$i1(a) \wedge c1(ab) \wedge c2(ab) \Rightarrow s1(a)$
$i1(a) \wedge c1(ab) \wedge c2(c) \Rightarrow s1(b)$
$i1(b) \wedge c1(ab) \wedge c2(ab) \Rightarrow s1(b)$


Figure 3. System Structure Graph for the Example Domain Theory


$i1(b) \wedge c1(ab) \wedge c2(c) \Rightarrow s1(a)$

$i2(a) \wedge c3(a) \Rightarrow s2(c)$
$i2(a) \wedge c3(bc) \Rightarrow s2(ab)$
$i2(b) \wedge c3(a) \Rightarrow s2(c)$
$i2(b) \wedge c3(bc) \Rightarrow s2(ab)$


and abstracted domains:

DOM(m1) = {x, y}, DOM(m2) = {x, y, z}

DOM(s1) = {a, b}, DOM(s2) = {ab, c}

DOM(c1) = {ab}, DOM(c2) = {ab, c}, DOM(c3) = {a, bc}

DOM(i1) = {a, b}, DOM(i2) = {a, b}
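As an added worked example (not code from the paper or from its Java implementation), the following Python program runs the abstraction of section 3 on the domain theory of this example, with $CL_k$ = {m1, m2} at maximum granularity, so the $\Pi_{CL_k}$ pre-merge step is skipped. It groups the modes of a node by their normalized influences on all immediate successors at once, which yields the same partition as the recursive FindIndistinguishableModes(); variable and mode names are the ones used above, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed input: the domain theory of section 3.3 (s1,s2 -> m1,m2;
# i1,c1,c2 -> s1; i2,c3 -> s2).  A clause is (body, head): body is a
# frozenset of (var, value) literals, head a single (var, value) literal.
def clause(body, head):
    return (frozenset(body), head)

def example_dt():
    dt = set()
    m2 = {"aa": "x", "ab": "x", "ac": "z", "ba": "y", "bb": "y", "bc": "z"}
    s1 = {"aa": "a", "ab": "a", "ac": "b", "ba": "b", "bb": "b", "bc": "a"}
    s2 = {"a": "c", "b": "a", "c": "b"}
    for v1 in "ab":            # v1 doubles as s1 mode and c1 mode
        for v2 in "abc":       # v2 doubles as s2 mode and c2 mode
            dt.add(clause({("s1", v1), ("s2", v2)}, ("m1", "x" if v1 == "a" else "y")))
            dt.add(clause({("s1", v1), ("s2", v2)}, ("m2", m2[v1 + v2])))
            for i1 in "ab":
                dt.add(clause({("i1", i1), ("c1", v1), ("c2", v2)}, ("s1", s1[i1 + v2])))
    for i2 in "ab":
        for c3 in "abc":
            dt.add(clause({("i2", i2), ("c3", c3)}, ("s2", s2[c3])))
    return dt

def domains(dt):
    """DOM(v) for every variable mentioned in DT (modes appearing in bodies or heads)."""
    dom = defaultdict(set)
    for body, head in dt:
        for var, val in body | {head}:
            dom[var].add(val)
    return dom

def parents_of(dt, n):
    return {v for body, head in dt if head[0] == n for v, _ in body}

def children_of(dt, n):
    return {head[0] for body, head in dt if any(v == n for v, _ in body)}

def topological_sort(dt, cxt, clk):
    """Non-input nodes from which some available manifestation in clk is reachable,
    ordered so that each node follows all of its relevant children (N > M => N later)."""
    reached, frontier = set(), set(clk)
    while frontier:
        for p in parents_of(dt, frontier.pop()) - cxt - reached:
            reached.add(p)
            frontier.add(p)
    order, seen = [], set()
    def visit(n):
        if n in seen:
            return
        seen.add(n)
        for c in sorted(children_of(dt, n) & (reached | clk)):
            visit(c)
        if n in reached:
            order.append(n)
    for n in sorted(reached):
        visit(n)
    return order

def find_influences(dt, n, mode, successors, dom):
    """Condition under which n(mode) causes each successor mode, as a normalized DNF:
    a frozenset of conjunctions (frozensets of literals); the empty set is 'false'."""
    sig = {}
    for m in successors:
        for bms in dom[m]:
            sig[(m, bms)] = frozenset(body - {(n, mode)} for body, head in dt
                                      if (n, mode) in body and head == (m, bms))
    return frozenset(sig.items())

def find_indistinguishable_modes(dt, n, successors, dom):
    """Partition DOM(n) into classes of modes with identical influences on every successor
    (all successors at once, equivalent to the paper's recursive refinement)."""
    classes = defaultdict(set)
    for mode in dom[n]:
        classes[find_influences(dt, n, mode, successors, dom)].add(mode)
    return [frozenset(c) for c in classes.values()]

def merge_modes(dt, n, partition):
    """Replace each mode of a class by one representative name; the set drops duplicate clauses."""
    rename = {}
    for cls in partition:
        rep = "".join(sorted(cls))       # {'a','b'} -> 'ab'; singleton classes keep their name
        for mode in cls:
            rename[(n, mode)] = (n, rep)
    return {clause({rename.get(lit, lit) for lit in body}, rename.get(head, head))
            for body, head in dt}

def abstract(dt, cxt, clk):
    """Abstract() at maximum granularity (the Pi_CLk pre-merge is skipped).
    Returns the abstract DT and the trivial nodes (unreached, or collapsed to one mode)."""
    dt = set(dt)
    candidates = topological_sort(dt, cxt, clk)
    trivial = set(domains(dt)) - set(candidates) - cxt - clk
    for n in candidates:
        dom = domains(dt)                # recomputed: successor modes may already be merged
        successors = children_of(dt, n) & (set(candidates) | clk)
        partition = find_indistinguishable_modes(dt, n, successors, dom)
        if len(partition) == 1:
            trivial.add(n)
        dt = merge_modes(dt, n, partition)
    return dt, trivial

if __name__ == "__main__":
    dt_a, trivial = abstract(example_dt(), {"i1", "i2"}, {"m1", "m2"})
    for var, dom in sorted(domains(dt_a).items()):
        print(var, sorted(dom))          # s2 -> ['ab', 'c'], c3 -> ['a', 'bc'], ...
```

Running it reproduces the revised domain theory (16 clauses instead of 30) and the abstracted domains listed above, with c1 as the only trivial node.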


4 Using Abstract Models in On-Board Diagnosis

Having described how the abstraction algorithm works, we now consider how it can be used in real scenarios to practically improve the performance of the diagnostic problem solver.

A first scenario is when the manifestations of the system can be naturally subdivided in classes $CL_k$ (see section 2); one such class will contain all the manifestations ($CL_{all}$), another may contain only sensorized manifestations ($CL_{sens}$), further ones may exclude from $CL_{sens}$ other groups of manifestations that can potentially all become unavailable together in some contexts. Similarly, manifestation granularities (expressed as abstraction functions $\Pi$) may be identified and associated to the classes they apply to.

Equipped with this set of pairs $(CL_k, \Pi_i)$, we can generate off-line a corresponding set of models $M_{ki}$; when a specific diagnostic problem is presented to the on-line diagnostic agent, the minimal $(CL_k, \Pi_i)$ that covers the available observations is selected, and the corresponding model $M_{ki}$ is used to compute diagnoses.

Sometimes, however, classes of manifestations (and their granularity) cannot be conveniently identified a priori. In such cases we may want to compute an abstract model on demand, given the particular $CL_k$ and $\Pi$ that have been identified as currently available⁶.

The system may perform this on-line model synthesis as a lower priority task, asynchronously with the diagnostic tasks; once the ad hoc $M_{ki}$ has been computed it may be reused for many diagnostic problems until some condition on the available observations or their granularity changes.

⁶ How this information can be gathered, either manually or automatically, is out of the scope of the present paper.

Obviously, time overhead is added by the computation of models, but in some situations this may well be paid off by the benefits (see below). Moreover, experimental data presented below in section 5 show that such overhead may be in the order of the time needed for solving a few easy diagnostic cases (involving a single fault) or just a difficult one (involving multiple faults); keeping in mind that the abstraction algorithm is only run once whilst many diagnostic problems can exploit such an abstract model, this overhead may be acceptable.

In both the above scenarios, the number of returned diagnoses is reduced by returning diagnoses for the abstract model that correspond to sets of diagnoses for the detailed model that carry essentially the same information, as proved in section 3.2.

Moreover, whenever a diagnosis for the abstract model mentions a "compound mode" (i.e. a new mode introduced in place of a non-singleton set of indistinguishable modes), we explicitly know that the set of modes it represents could not be discriminated even in different contexts. Thus, in case further tests involving different contexts are planned, they should not aim at that kind of discrimination.

Both  reduced-size  and  increased  informativity  of  the  result 
should  be  helpful  for  the  human  or  automatic  supervisor 
which  must  interpret  it  and  take  action  accordingly. 
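The reduction argued above, as an added toy illustration that is not the paper's algorithm nor its SPIDER model: in a constructed two-component model, two motor faults differ only on a manually measured observable, so once only the sensorised class is available they are indistinguishable and collapse into one compound mode, and each abstract diagnosis stands in for a set of detailed ones. All component, mode and observable names and the coarser granularity map `coarse_pos` are constructed for the example.

```python
from itertools import product
# Constructed toy model (not the paper's SPIDER model): each behavioural mode of a
# component predicts the value of a few observables.
MODEL = {
    "motor": {
        "ok":     {"current": "nominal", "torque": "nominal", "temp": "nominal"},
        "stuck":  {"current": "high",    "torque": "zero",    "temp": "high"},
        "jammed": {"current": "high",    "torque": "zero",    "temp": "nominal"},
        "weak":   {"current": "low",     "torque": "low",     "temp": "nominal"},
    },
    "encoder": {"ok": {"pos": "nominal"}, "drift": {"pos": "offset"}, "dead": {"pos": "frozen"}},
}
# Sensorised observables, always available on-line; 'temp' needs a manual reading.
CL_SENS = {"current", "torque", "pos"}
identity = lambda obs, val: val          # full granularity (tobs = identity)
coarse_pos = lambda obs, val: "abnormal" if obs == "pos" and val != "nominal" else val

def abstract(model, available, tobs=identity):
    """Merge modes of a component that predict identical values on the available
    observables at granularity tobs (indistinguishable modes); the compound mode
    is named by joining its members with '|'."""
    out = {}
    for comp, modes in model.items():
        groups = {}
        for mode, pred in modes.items():
            key = tuple(sorted((o, tobs(o, v)) for o, v in pred.items() if o in available))
            groups.setdefault(key, []).append(mode)
        out[comp] = {"|".join(sorted(ms)): dict(key) for key, ms in groups.items()}
    return out

def diagnoses(model, observed, available, tobs=identity):
    """Consistency-based diagnoses: one mode per component (sorted component order)
    whose predictions agree with the observed values on the available observables;
    only those with the minimal number of non-'ok' modes (preferred) are kept."""
    comps = sorted(model)
    consistent = []
    for assign in product(*(model[c].items() for c in comps)):
        pred = {o: v for _, p in assign for o, v in p.items()}
        if all(tobs(o, pred[o]) == tobs(o, observed[o]) for o in available):
            consistent.append(tuple(m for m, _ in assign))
    best = min((sum(m != "ok" for m in d) for d in consistent), default=0)
    return sorted(d for d in consistent if sum(m != "ok" for m in d) == best)

OBSERVED = {"current": "high", "torque": "zero", "pos": "offset", "temp": "high"}  # constructed
if __name__ == "__main__":
    for name, tobs in (("full granularity", identity), ("coarse position", coarse_pos)):
        d = diagnoses(MODEL, OBSERVED, CL_SENS, tobs)
        a = diagnoses(abstract(MODEL, CL_SENS, tobs), OBSERVED, CL_SENS, tobs)
        print(f"{name}: detailed {len(d)} {d} -> abstract {len(a)} {a}")
```

Coarsening the position reading doubles the detailed diagnoses while the abstract model still returns a single compound diagnosis, which is the granularity effect the text describes.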


5 Experimental  Results 

We have implemented the algorithm described above as a module of the diagnostic agent for the space robotic arm SPIDER developed by ASI (Agenzia Spaziale Italiana); for a description of the diagnostic agent please see [12] and [11].

The model of the robotic arm (which obeys definition 2.1) is complex enough to represent an interesting test-bed: it consists of 35 assumables (COMPS) with an average of 3.43 behavioral modes each, 45 manifestations (OBS) and 1143 formulas (footnote 7).

Observations in such a model are explicitly partitioned into two classes: sensorized (CLsens) and non-sensorized (CLnosens). While observations in CLsens can reasonably be assumed to always be available, observations in CLnosens are available through manual measurements that can be carried out only during off-line diagnosis.

We have applied the abstraction algorithm to the model by passing CLsens as the available observations (assuming τobs = identity, i.e. manifestations available at their maximum granularity) and obtained a simplified model as output. Table 1 shows some relevant static measures on the detailed and abstract models: the number of clauses has been reduced by 18.6%, and the average number of behavioral modes per system component has been reduced by 16.9%. Compilation of the detailed model into the abstract one took 1494 msec of CPU time (all results in this section refer to a Java implementation of both the diagnostic agent and the abstraction algorithm, compiled and run using jdk1.3 on a Sun Sparc Ultra 5 equipped with SunOS 5.8).

7. The number of formulas is greatly reduced by the use of a noisy-max modeling technique; see [12].


model      clauses   modes avg
detailed   1143      3.43
abstract   930       2.85

Table 1. Comparison between abstract and detailed models


We have then compared the performance of the diagnostic agent when it uses the detailed (original) model versus the generated abstract model. Using the simulator for the diagnostic agent, three test sets of 100 diagnostic problems each have been automatically generated; problems in test sets 1, 2 and 3 had 1, 2 and 3 faults injected respectively. Table 2 reports the reduction of the average number of diagnoses returned. The reductions obtained in test set 2 (-43%) and test set 3 (-61.6%) appear particularly significant.

It should be noted that the diagnostic agent returns only preferred diagnoses (in particular, those that have a minimal number of faults), so the reported reductions are obtained by compacting "good-quality" diagnoses, not by discarding implausible ones.


model      testset 1    testset 2    testset 3
detailed   5.0 ± 0.6    17.9 ± 3.6   123.3 ± 23.1
abstract   3.7 ± 0.4    10.2 ± 1.9   47.3 ± 8.4

Table 2. Average number of elementary diagnoses obtained with abstract and detailed models (confidence 95%)

Even though our diagnostic agent uses a compact encoding for candidate diagnoses during the search process, thus obtaining an optimized search space whose size is not proportional to the number of diagnoses ([11]), the average time employed for solving problems using the abstract model appears to be at least no worse than that obtained by using the detailed model (see table 3).


model      testset 1    testset 2    testset 3
detailed   241 ± 19     337 ± 45     1212 ± 182
abstract   235 ± 25     259 ± 32     988 ± 153

Table 3. Average CPU times obtained with abstract and detailed models (in msec; confidence 95%)

Consistent results (both in terms of static reduction of the model size and reduction of diagnoses) have been obtained by applying the abstraction algorithm to other subclasses of manifestations in the model. Space precludes reporting them in this paper.

Please note that the faulty behavioral modes modeled for the components were the ones listed in the FMECA document for the real device, which shows that the results obtained with the abstraction algorithm and reported above are of interest for a real-world system.

6 Related  Work  and  Conclusions 

The literature on MBD contains several proposals to use abstraction as a means of simplifying the system model and, consequently, the characterization and computation of diagnoses.


Some of them formulate abstraction rules and prove that abstractions obtained by their application preserve important properties, i.e. by reasoning at the abstract level we do not overlook any diagnoses ([9], [13]).

Among the rules proposed by Mozetic, rule 1 (Refinement/collapse of values) aims exactly at abstracting sets of values at the detailed level into a single value at a more abstract level. Compared to our approach, however, both Mozetic and Provan assume that the abstraction is done manually, by a human knowledgeable about the system behavior and structure. Moreover, they use the abstract models only in order to reduce the computational complexity, but still return detailed-level diagnoses.

In a recent paper ([2]), the authors improve Mozetic's approach so that the hierarchy (still manually provided) is automatically rearranged on a case-by-case basis in order not to hide any available observations from the abstract levels.

Sachenbacher and Struss ([14]) have defined a relation-based approach (i.e. the behavior model is given as a relation R among tuples of variables) for automated abstraction of variable domains and showed its usefulness in building system models by composing sub-system models and then abstracting away value details that are not of interest in the resulting model. In contrast to our approach, their work assumes that a desired abstraction τabs is given as part of the abstraction problem, together with the restrictions on available observation information τobs that also appear in our approach.

Travé-Massuyès, Escobet and Milne ([15]) define a notion of indiscriminability among faulted components which is somewhat similar to our notion of indistinguishability among behavioral modes. Their work, which is based on a relational model of the system, aims at suggesting the addition of sensors in order to make all the possible faults discriminable.

In this paper we have shown how abstraction of variable domains in propositional, qualitative system models can significantly reduce the average number of admissible diagnoses when only a subset of observables is available.

This is particularly useful in on-line diagnosis, where limitations on the number and/or granularity of observables are likely to apply.

The algorithm presented in the paper has wider applicability than discussed so far. For example, it can be used as a support tool for diagnosability analysis during system modeling (i.e. the algorithm can point out discrepancies between the granularity of the model being defined and that of the system observables).

There are many directions we are considering for extending our work. The current version of the algorithm assumes that in the device structure nodes are connected by at most one directed path, while the representation of some systems of practical interest does not obey this restriction.

We could also explore how our automatic abstraction techniques can be extended in order to merge together components whose contributions to the available observations are indiscriminable (i.e. introducing the notion of indistinguishable components).